License Enforcement at Install
Prevent packages with disallowed licenses from being installed. License rules in Dependency Firewall apply at the registry across all developers and CI/CD pipelines.
License problems are found after the code ships
A copyleft license appears in a transitive dependency. By the time it is found, it is in a release. Remediation means reopening closed work.
Disallowed licenses enter the codebase undetected
Package managers do not check licenses. A GPL or AGPL dependency installs silently alongside everything else.
License review happens manually and after the fact
By the time legal or compliance reviews a build, the package is already in version control and downstream builds.
What your team gets
Disallowed licenses blocked at install
Packages with licenses on your blocklist fail before they land on a developer machine or in a CI cache.
Rules apply across all teams and pipelines
License policy lives in the firewall. No per-project configuration required.
Allowlist or blocklist
Allow only a named set of licenses, or block specific ones. Everything outside the allowlist is stopped.
Exceptions with audit records
When a blocked license needs a one-time exception, it is granted with a scope, owner, and expiry in the audit log.
How Dependency Firewall handles this
Dependency Firewall evaluates package licenses against your policy and blocks installs that do not comply.
- Block or log packages by license type
- Applies at install across all teams and pipelines
- Exceptions logged for audit
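To make the allowlist/blocklist and scoped-exception behaviour described above concrete, here is an added example of an install-time license policy evaluator. It is illustrative code written for this page, not Dependency Firewall's own implementation; the policy shape, the class and function names, the handling of flat SPDX-style `OR`/`AND` expressions, and the sample packages are all assumptions. It evaluates every package in a resolved install (direct and transitive), fails closed on missing license metadata, and honours an exception only while it is unexpired, returning a reason string per package that can serve as the audit record.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical policy model (assumption; not the product's configuration format).


@dataclass(frozen=True)
class LicenseException:
    """One-time exception scoped to a package, with an owner and an expiry."""
    package: str
    license: str
    owner: str
    expires: date


@dataclass(frozen=True)
class LicensePolicy:
    mode: str                                   # "allowlist" or "blocklist"
    licenses: frozenset[str]                    # allowed ids (allowlist) or blocked ids (blocklist)
    exceptions: tuple[LicenseException, ...] = ()

    def permits(self, license_id: str) -> bool:
        """Single license id check; an allowlist stops everything not named."""
        if self.mode == "allowlist":
            return license_id in self.licenses
        if self.mode == "blocklist":
            return license_id not in self.licenses
        raise ValueError(f"unknown policy mode: {self.mode}")


@dataclass(frozen=True)
class Decision:
    package: str
    license: Optional[str]
    allowed: bool
    reason: str  # doubles as the audit-log entry


def expression_permitted(policy: LicensePolicy, expr: str) -> bool:
    """Evaluate a flat SPDX-style expression: 'A OR B' passes if either
    alternative passes; 'A AND B' passes only if every part passes.
    Parentheses are deliberately unsupported (assumption: minimal parser)."""
    for alternative in expr.split(" OR "):
        parts = [p.strip() for p in alternative.split(" AND ")]
        if parts and all(policy.permits(p) for p in parts):
            return True
    return False


def evaluate_package(policy: LicensePolicy, name: str,
                     license_expr: Optional[str], today: date) -> Decision:
    # Fail closed: a package that declares no license is treated as disallowed.
    if not license_expr:
        return Decision(name, license_expr, False, "no license metadata; fail closed")
    if expression_permitted(policy, license_expr):
        return Decision(name, license_expr, True, "license permitted by policy")
    # Exceptions are matched on package and license and must not have expired.
    for exc in policy.exceptions:
        if exc.package == name and exc.license == license_expr:
            if exc.expires >= today:
                return Decision(name, license_expr, True,
                                f"exception owned by {exc.owner}, expires {exc.expires}")
            return Decision(name, license_expr, False,
                            f"exception owned by {exc.owner} expired {exc.expires}")
    return Decision(name, license_expr, False, "license not permitted by policy")


def evaluate_install(policy: LicensePolicy, resolved, today: date) -> list[Decision]:
    """Evaluate every package in an install resolution, transitive ones included."""
    return [evaluate_package(policy, name, lic, today) for name, lic in resolved]


def blocked_packages(policy: LicensePolicy, resolved, today: date) -> list[str]:
    return [d.package for d in evaluate_install(policy, resolved, today) if not d.allowed]


# Constructed sample policy and resolution (not real packages).
SAMPLE_POLICY = LicensePolicy(
    mode="allowlist",
    licenses=frozenset({"MIT", "Apache-2.0", "BSD-3-Clause"}),
    exceptions=(LicenseException("legacy-report", "GPL-3.0-only",
                                 "legal@example.test", date(2030, 1, 1)),),
)

SAMPLE_RESOLUTION = [
    ("requests-like", "Apache-2.0"),            # allowed
    ("dual-lib", "MIT OR GPL-2.0-only"),        # allowed: MIT alternative
    ("combo-lib", "MIT AND LGPL-2.1-only"),     # blocked: LGPL part not allowed
    ("legacy-report", "GPL-3.0-only"),          # allowed only via the exception
    ("copyleft-dep", "AGPL-3.0-only"),          # blocked
    ("mystery", None),                          # blocked: no license metadata
]

if __name__ == "__main__":
    for d in evaluate_install(SAMPLE_POLICY, SAMPLE_RESOLUTION, date(2026, 1, 1)):
        print(f"{'ALLOW' if d.allowed else 'BLOCK'} {d.package:14} {d.license!s:24} {d.reason}")
```

Running the block prints one audit line per package; `blocked_packages` returns the names that would fail the install. Re-running with a date after the exception's expiry shows `legacy-report` flipping to blocked, which is the point of attaching an expiry to every exception.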
Built for the teams involved
- Legal and compliance teams
They define which licenses are disallowed. The firewall enforces it without requiring developer awareness.
- Security and AppSec teams
License policy runs alongside vulnerability and malware rules in the same firewall configuration.
What changes in practice
License violations caught before they enter version control
Blocked at install, not found in a post-release scan.
Consistent license policy without manual review per build
Rules apply at the registry. No developer or pipeline has to remember to check.
Questions about this use case
Can we allow some licenses and block everything else?
Yes. Configure an allowlist of approved licenses. Anything not on the list is blocked.
Does this replace an SCA tool?
No. The firewall blocks disallowed licenses at install time. For a full software inventory and release-level license reporting, use SBOM Observer.
Talk to us about license enforcement at install.
We can walk through how the product fits your environment and where each Observer product belongs.